EVGA

BootKitty UEFI malware exploits LogoFAIL to infect Linux systems

Author
Cool GTX
EVGA Forum Moderator
  • Total Posts : 31237
  • Reward points : 0
  • Joined: 2010/12/12 14:22:25
  • Location: Folding for the Greater Good
  • Status: offline
  • Ribbons : 123
2024/12/03 07:02:20 (permalink)
Time to PATCH your Linux machines
 
 
BootKitty UEFI malware exploits LogoFAIL to infect Linux systems
 
https://www.bleepingcompu...-infect-linux-systems/
(Excerpt, follow ther link above for ALL the Details)
 
The recently uncovered 'Bootkitty' Linux UEFI bootkit exploits the LogoFAIL flaw, tracked as CVE-2023-40238, to target computers running on vulnerable firmware.
This is confirmed by firmware security firm Binarly, which discovered LogoFAIL in November 2023 and warned about its potential to be used in actual attacks.

Bootkitty and LogoFAIL connection

Bootkitty was discovered by ESET, who published a report last week, noting that it is the first UEFI bootkit specifically targeting Linux. However, at this time, it is more of an in-development UEFI malware that only works on specific Ubuntu versions, rather than a widespread threat.
LogoFAIL is a set of flaws in the image-parsing code of UEFI firmware images used by various hardware vendors, exploitable by malicious images or logos planted on the EFI System Partition (ESP).
"When these images are parsed during boot, the vulnerability can be triggered and an attacker-controlled payload can arbitrarily be executed to hijack the execution flow and bypass security features like Secure Boot, including hardware-based Verified Boot mechanisms," explained Binarly previously.
According to Binarly's latest report, Bootkitty embeds shellcode within BMP files ('logofail.bmp' and 'logofail_fake.bmp') to bypass Secure Boot protections by injecting rogue certifications into the MokList variant.
 
 
 

Learn your way around the EVGA Forums, Rules & limits on new accounts Ultimate Self-Starter Thread For New Members

I am a Volunteer Moderator - not an EVGA employee

Older RIG projects RTX Project  Nibbler


 When someone does not use reason to reach their conclusion in the first place; you can't use reason to convince them otherwise!
#1

0 Replies Related Threads

    Jump to:
  • Back to Mobile